This is an extremely bad idea, since while you can cancel a credit card, you can't cancel your fingerprints. It's just a matter of time before someone figures out a way to use a fingerprint gathered by some undetermined means (discarded coke can, mail-in response form, etc...), scans it and spoofs the terminal into draining your account. And since it's allegedly been "signed" by your print, you can't refute it.
Quite frankly, this system scares the heck out of me.
The easiest way to combat piracy is not coming up with new copy-protection schemes, but coming up with a decent business model that takes away the incentive and makes it easy to legally purchase / rent movies online. I know if I could subscribe to a service to download current TV series for say $20/month, I'd do it in a heartbeat. And I'd wager I'm not the only one.
This guy needs to chill out. Instead of reacting in a knee-jerk, vindictive fashion, he could have:
- Simply restricted access to the game for all requests with a referrer of fuddruckers.com by configuring the web server.
- Contacted the webmaster and politely discussed options for hosting and credit. Who knows if he could have even made some money and publicity out of the deal.
- Redirected requests coming from fuddruckers.com to a page explaining why he thinks hotlinking is wrong.
Instead, he decides to show the world that he's an immature jerk, and in so doing reinforce public opinion of geeks as being primarily anti-social losers.
I think the decline can be attributed to a few factors:
1. Increased use of SPAM and virus filters on email, esp. at the provider level
2. It's no longer really a challenge to write email worms, etc. So the only people writing them are the ones trying to work for spammers
The new threat is going to be in viruses written for mobile phones with ever increasing OS capabilities, memory and CPU power. I'm not an anti-MS bigot, but I don't really want any version of Windows at all on any mobile device that I store confidential info on. As more and more phones keep coming out that support advanced OSes, you can expect more and more viruses for these devices.
Absolutely... if we can just get our weapons' size down to a few microns, and get (Al Quaida|Ruskies|Iraq|Iran|North Korea|Massachusetts) to limit their surveillance techniques to the proper wavelength, then this will be really breakthrough technology!
If you don't feel like forking over money, download OpenSSL and generate your own certs. Here's a good how-to if you're interested. But if you go this route, your users will either have to install your root certificate into their browser's trusted store (I don't recommend this, but hey, it's your computer), or they'll have to click through an annoying dialog warning that the certificate is not trusted.
What you're paying for when you buy a certificate is not so much the certificate itself, but for the processes surrounding the issuing of said certificate. When getting a certificate, you must prove to the registration authority that you are who you are, and that you have the legal right to obtain a certificate for your organization. Only after this verification has taken place will you be issued a certificate from a trusted authority. But your users can examine the certificate's chain of trust, and verify who they're talking to. Impossible to do with a self-signed or otherwise untrusted certificate.
Why, pray tell, should RealSoftware sue the USPTO because Microsoft filed an application for a patent? So far, there's no indication of whether the patent will be granted or not. So hold off on your "Let's sue the bastards" rhetoric for a while, and try to actually read the article for a change.
It's funny that the so-called security expert can't tell the difference between sites running on IIS and on servlet containers.
His very last example exploit showed clearly that the support.t-mobile.com site was in fact running on Resin, and the NumberFormatException indicates that at least in this case, the input parameters were being validated. You should notice that there is not a single class in the stack trace from a JDBC driver, and that the parameter was being converted to an integer. Hence no danger of an SQL injection attack. I'm not saying that it was handled 100% correctly by the app's programmer -- you should never let the user see that kind of error page. In any case, I would honestly expect that an expert such as the author of that article would have at least a little experience writing servlet-based apps and knowledge of how to read a Java stack trace.
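The point made in the comment above, as an added Python sketch (not the T-Mobile site's code, which was a Java servlet on Resin): converting the parameter to an integer rejects injection strings before any SQL is built, and the handler answers with a generic error instead of a stack trace. The table, handler name and sample rows are constructed for the example.

```python
import logging
import sqlite3

log = logging.getLogger("support_app")  # hypothetical application logger


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Voicemail setup"), (2, "Roaming rates")])
    return db


def show_article(db, raw_id):
    """Return (HTTP status, body) for a request like /article?id=<raw_id>."""
    try:
        # Python analogue of Integer.parseInt: anything that is not a plain
        # integer raises here, before a query is ever built.
        article_id = int(raw_id, 10)
        if not 0 < article_id < 2**31:  # same upper bound as a Java int
            raise ValueError("id out of range")
    except ValueError:
        # Detail goes to the server log; the client gets a generic message,
        # never the exception text or a stack trace.
        log.warning("rejected id parameter: %r", raw_id)
        return 400, "Invalid request."
    # Bound parameter as a second layer, so the query stays safe even if the
    # conversion above is removed later.
    row = db.execute("SELECT title FROM articles WHERE id = ?",
                     (article_id,)).fetchone()
    if row is None:
        return 404, "Article not found."
    return 200, row[0]
```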
My bank in the Czech Republic issued me an electronic key back in '98 that generates pseudo-random one-time passwords, and is also used to authorize individual transfers. When I want to transfer money online, I have to generate a password on the electronic key, and it doesn't matter if somebody's managed to install sniffer software on my computer or not. The code is good just once. Then when actually sending the money, I have to enter the receiving account, amount, etc. and generate an authorization code (which is most likely a hash of a one-time password + transaction detail data). Again, it's completely useless to anyone who intercepts it.
Since this stuff has been around for seven years now in a country that most US IT workers would consider to be third-world, I think it's fair to say that US banks are way behind the ball if they're not providing non-hackable hardware keys to their customers. If anything, a class-action suit should bring up the fact that banks aren't doing near enough to protect their customers.
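An added illustration of the scheme this comment describes (not the bank's actual algorithm, which the comment only guesses at): an RFC 4226 HOTP login code, plus a transfer authorization code computed as an HMAC over the counter and the transaction details. The key, the account strings, the field layout and the `Bank` class are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Constructed demo key (the RFC 4226 Appendix D test secret); a real token
# keeps a per-customer secret inside the hardware.
TOKEN_KEY = b"12345678901234567890"


def _truncate(mac, digits):
    """RFC 4226 dynamic truncation of an HMAC value to a decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def login_code(key, counter, digits=6):
    """One-time login password: HOTP (HMAC-SHA1 over an 8-byte counter)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def transfer_code(key, counter, dest_account, amount_cents, digits=8):
    """Authorization code bound to one transfer (assumed construction)."""
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
    msg = struct.pack(">Q", counter)
    for field in (dest_account.encode(), str(amount_cents).encode()):
        msg += struct.pack(">H", len(field)) + field
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest(), digits)


class Bank:
    """Server side: shares the key, tracks the counter, rejects replays."""

    def __init__(self, key, look_ahead=3):
        self.key, self.counter, self.look_ahead = key, 0, look_ahead

    def _accept(self, code, compute):
        # Small look-ahead window in case the token was pressed but unused.
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(compute(c), code):
                self.counter = c + 1  # burn this counter and all earlier ones
                return True
        return False

    def check_login(self, code):
        return self._accept(code, lambda c: login_code(self.key, c))

    def check_transfer(self, code, dest_account, amount_cents):
        return self._accept(
            code,
            lambda c: transfer_code(self.key, c, dest_account, amount_cents))
```

A sniffed code fails on replay because the counter has moved on, and a sniffed transfer code fails if the destination or amount is changed because both are inside the HMAC input.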
Sorry to disagree with you, but IMHO, Quicktime is the work of the devil. For years non-Mac users have had to deal with the buggy players offered for download by Apple. Its quality at low bandwidth is not that great, and you can forget about converting the files to something more reasonable and portable.
As any mouse user can tell you, taking your hands off your keyboard is damaging to your productivity.
My wife is a mouse user, and quite frankly, I don't think I'll ever convince her that the mouse is a productivity killer. While I myself, having grown up with command line interfaces (MS-DOS 3.1 anyone?) on the PC, I really doubt that Joe User has any sort of shell installed (Cygwin or MinGW MSYS) at all. I may prefer to use command-line tools, but that doesn't mean that all people do. So to answer your point, most mouse users, just like my wife, need the mouse to function. Just because you or I may be able to work more efficiently without one doesn't mean that the vast majority of people could function without one.
Plenty of differences on Java 1.5 vs C# · Score: 2, Insightful
Sorry, but there are still some major differences in the two. I've looked at the new features in Java 1.5 and agree that yes, they are definitely a plus. (Note: I code nowadays almost exclusively in Java):
- No unsigned integer type in Java -- if you need an unsigned long, you're SOL. So it's pretty difficult to code certain numerical algorithms (compression and encryption, anyone?)
- Java the language is inextricably tied to the JVM - C# is just another option for developing for .NET.
For enterprise-grade work I still prefer J2EE over .NET, but that really more depends on what client I'm working for at the time. At the end of the day, both get the job done.
In the Czech Republic there's not only a TV tax, but a radio tax as well -- doesn't matter if you're a foreigner and can't understand the language or not, you must pay regardless. Unfortunately, the fact that you're paying for the public stations whether you watch them or not has no effect whatsoever on the quality of the programming offered. I think it's pretty much a European thing.
But as far as the German TV tax for PC's, that's just an example of the current socialist (or is it Social Democrat???, I forget the correct translation) government looking for more ways to suck more tax money from the German taxpayers.
Come on, this is not a software patent. This is a hardware patent, involving actual research and engineering!
Bitch all you want to about software patents, but physical inventions have been and will continue to be valid. Information may want to be free, but the atoms that make up the physical world are rather fond of various forces keeping them bound. And that's the way it should be.
Force people to install security updates or sell the PCs with them all pre installed and make windows update automaticly run once a month.
Sorry, but I'm not going to let any program, Windows Update included, automaticly [sic] run on my computer and update software willy-nilly. If you do this, you're just looking for trouble down the road when some "update" happens to either break software that you've got installed or install "new and improved" DRM from MS. You have to remember that a large number of updates from MS nowadays are not easily uninstalled... think twice before letting anything like that onto your system.
I wonder how many of these innocent granny types are going to be getting nice subpoenas from the MPAA...
None. The MPAA cannot subpoena anyone. They can however ask a court to do so.
Actually, a better alternative would be to sentence him to sending apologies to all of the people whose addresses he stole.
By hand. One at a time.
If courts started making spammers do this instead, it'd be a much better deterrent than jail, and it would much better fit the crime.
Actually, the jerk is a Junior majoring in "Philosophy"...
I'm also curious how much a full-page ad^G^G "story" on Slashdot costs...
While I do feel for the guy, this is going way overboard. In effect he's gone and made himself judge, jury and executioner. The simple fact is that he's opening himself up to major trouble. If for instance someone reverse engineered the algorithm for generating serial numbers, and then started distributing them, a paying customer could get seriously screwed when his password is deemed "pirated" by the system. The biggest danger of this is during reinstallation after a system reinstall (never have to do that under Windows, though...) -- it's six months since he legally bought the product, and all of a sudden, during reinstall, all of the user data is simply and suddenly gone. He had a choice of either making the software easier to install, sacrificing security of the serial numbers, or more difficult to install. He chose to make it easier to install, and should now live with that choice.
Fight piracy, yes. Vigilante tactics, no.
"Unfortunately, he will probably be convicted..."
Why "unfortunately"? Sidestepping the usual arguments based on the communist manifesto ("information wants to be free"), look at it from another angle.
If the man broke the law, he should face the consequences. He broke into a computer in the USA, so he should be tried there. If it was your home computer that he broke into, you'd be screaming bloody murder, but he broke into a campus system, which somehow makes him a "hero".
He illegally distributed stolen software via this computer in the USA, so he should be tried there.
Uh, don't know which planet you're from, but when was the last time that you read an article on an on-line news server (CNN, MSNBC, Reuters, etc.) that didn't have at least one glaring spelling or grammatical error?
We need more Bush.
Or my personal favorite from the '88 elections:
Lick bush in '88!
Of course with Morpheus's recent win in court...
Morpheus? Morpheus has been dead since they (were forcibly) switched to the Gnutella network. And if you read the legal opinion of the appeals court, it doesn't say that file sharing is inherently legal, just that the makers of the software are not liable for what their users do -- that's quite a large difference.
"So how long until everything in the home has its own IP address and script kiddies decide to get their kicks messing with your air conditioning during a heat wave?"
And just why exactly do you think that these devices are going to be open to the internet at large? Just because some marketing dweeb decided to call it "internet-enabled", doesn't mean that it's going to be on the net. Face it, having an ethernet port and webserver is not the same thing as being connected to the internet. These devices are designed to be run on a local network, which is likely behind some sort of DSL/cable-modem router, which means that unless the user goes to great lengths to do so, the devices are not visible. If of course you decide to set up NAT to let other people get to your thermostat, then you should be ready to feel the heat...